FR2 EAP-PEAP proxy does not saving attributes

Alan DeKok aland at
Thu Sep 17 10:29:23 CEST 2009

Daniil L. Kharoun wrote:
> Required to authorize wireless users by the protocol EAP-PEAP, but, 
> unfortunately, the radius of the billing system can not EAP-PEAP. Installed 
> freeradius 2.1.6 in proxy mode. Freeradius terminates the tunnel TLS, and 
> requests the radius of the billing system goes on algorithm mschapv2.   
> Problem - freeradius does not save or pass additional attributes of an access 
> point, obtained from the radius of the billing system (attributes for 
> example - WISPr-Bandwidth-Max-Up and WISPr-Bandwidth-Max-Down).         How to 
> solve the problem?
> [peap] Tunneled authentication was successful.
> [peap] SUCCESS
> [peap] Saving tunneled attributes for later
> Sending Access-Accept of id 231 to port 45920
>         User-Name = "10"
>         MS-MPPE-Recv-Key = 
> 0x95cd48dc452bb7ea093e2a2945d4337a6112847f9ac1dafce280a27713ec34ca
>         MS-MPPE-Send-Key = 
> 0x34066a293d5a0f0f5269014040f41bc79d125807510bc15bf99f75e7e3307977
>         EAP-Message = 0x036b0004
>         Message-Authenticator = 0x00000000000000000000000000000000

  Hmm... that's awkward.  You have "use_tunneled_reply = yes", so it
*should* work.

  I'd suggest debugging the code in more detail.  There's little else
that can be done.

  Alan DeKok.

More information about the Freeradius-Users mailing list